Annotation of embedaddon/php/ext/xsl/tests/bug54446_with_ini.phpt, revision 1.1.1.1
1.1 misho 1: --TEST--
2: Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
3: --SKIPIF--
4: <?php
5: if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
6: ?>
7: --FILE--
8: <?php
9: include("prepare.inc");
10:
11: $outputfile = dirname(__FILE__)."/bug54446test.txt";
12: if (file_exists($outputfile)) {
13: unlink($outputfile);
14: }
15:
16: $sXsl = <<<EOT
17: <xsl:stylesheet version="1.0"
18: xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
19: xmlns:sax="http://icl.com/saxon"
20: extension-element-prefixes="sax">
21:
22: <xsl:template match="/">
23: <sax:output href="$outputfile" method="text">
24: <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
25: </sax:output>
26: </xsl:template>
27:
28: </xsl:stylesheet>
29: EOT;
30:
31: $xsl->loadXML( $sXsl );
32:
33: # START XSLT
34: $proc->importStylesheet( $xsl );
35:
36: # TRASNFORM & PRINT
37: print $proc->transformToXML( $dom );
38:
39:
40: if (file_exists($outputfile)) {
41: print "$outputfile exists, but shouldn't!\n";
42: } else {
43: print "OK, no file created\n";
44: }
45:
46: #SET NO SECURITY PREFS
47: ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
48:
49: # TRASNFORM & PRINT
50: print $proc->transformToXML( $dom );
51:
52:
53: if (file_exists($outputfile)) {
54: print "OK, file exists\n";
55: } else {
56: print "$outputfile doesn't exist, but should!\n";
57: }
58:
59: unlink($outputfile);
60:
61: #SET SECURITY PREFS AGAIN
62: ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
63:
64: # TRASNFORM & PRINT
65: print $proc->transformToXML( $dom );
66:
67: if (file_exists($outputfile)) {
68: print "$outputfile exists, but shouldn't!\n";
69: } else {
70: print "OK, no file created\n";
71: }
72:
73:
74: --EXPECTF--
75: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
76:
77: Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
78:
79: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
80:
81: Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
82: OK, no file created
83: OK, file exists
84:
85: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
86:
87: Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
88:
89: Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
90:
91: Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
92: OK, no file created
93: --CREDITS--
94: Christian Stocker, chregu@php.net
95:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bug54446_with_ini.phpt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / php / ext / xsl / tests